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Listing of Claims 



1-13. (canceled). 

14. (new): A security management method for supporting security 
management of a plurality of managed systems executed in an information 
system comprised of computers connected through a network, comprising: 

designing security specifications to b© applied to the information 
system by using an information security policy designated by a user, 

wherein the information security policy is applied to each of the plurality 
of managed systems designated by the user, 

wherein the information security policy is selected from a first 
database, which includes a correspondence between information security 
policies and security measures, and 

wherein each security measure indicates an action to be taken to 
secure the managed systems; 

auditing a security status of the information system with respect to the 
information security policy designated by the user. 

wherein the security status indicates whether a security measure has 
been executed; 
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changing the security status of each of the managed systems based on 
a result of auditing the security status; and 

auditing the security status of the information system every time a 
security setting is changed. 

15. (new): The security management method according to claim 14, 
further comprising: 

diagnosing the security of the Information system "by using an audit 
program selected from a second database, which includes a correspondence 
between audit programs, the information security policies, the managed 
systems, and management programs, 

wherein each audit program audits the security status of each of said 
managed systems, and 

wherein the management programs manage security measures of the 
information security policies and are designated by the user when performing 
the step of designing the security specifications; and 

changing, by a management program selected from the second 
database, the security status of a managed system corresponding to the 
management program, so as to adjust the security status in accordance with 
an information security policy corresponding to the management program. 
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16. (new): The security management method according to claim 14, 
further comprising: 

In accordance with a security setting content received from the user, 
changing, by a management program selected from a second database, the 
security status of a managed system corresponding to the management 
program, so as to adjust the security status in accordance with the information 
security policy corresponding to the management program, 

wherein the second database includes a correspondence between 
audit programs, the information security policies, the managed systems, and 
management programs. 

17. (new): The security management method according to claim 14, 
further comprising: 

checking the result of auditing against security hole information 
published by a security information organization such as Computer 
Emergency Response Team (CERT) to determine if a security hole exists; 
and 

changing the security status of the managed system in which a security 
hole is found. 
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18. (new): A security management system for supporting security 
management of managed systems executed in an information system 
comprised of computers connected tlirough a network, comprising: 

a first database, which includes information regarding the managed 
systems to which information security policies are applied; 

a second database, which includes information regarding specifications 
of information security policies; 

a third database, which includes a correspondence between the 
managed systems and information security policies; 

a management and audit object area control section which selects, 
from said first database, managed systems to which information security 
polices are applied based on a designation by a user; 

an information security policy selection control section which extracts, 
from said second database, information security policy specifications based 
on a designation by a user; 

an information security policy/security management and audit program 
correspondence control section that extracts, from said third database, an 
information security policy corresponding to the managed systems, and 
designs security specifications for each of the managed systems by using the 
information security policy specifications designated by the user; 

a plurality of audit sections that audit a security status of the 
information system with respect to the information security policy designated 
by the user, 
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wherein the security status indicates whether a specific action to 
secure the managed systems has been executed; and 

a plurality of management sections that obtain the security status of the 
information system, based on audit results from the plurality of audit sections, 
and manage security status relating to the Information security policy of the 
managed systems in order to bring the security status of the managed 
systems in conformity with the information security policy specified by the 
security specification designed at the information security policy/security 
management and audit program correspondence control section. 

wherein the information security policy/security management and audit 
program correspondence control section audits the security status of the 
information system every time a security setting is changed. 
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